Criminal gangs are weaponising AI and automation

Cyber crime in 2025 and what to expect in 2026…

Organised cybercrime has grown into a highly industrialised ecosystem, operating like legitimate tech companies with R&D teams, customer support and subscription models. In 2026, we can expect gangs to continue to make the most out of AI-driven reconnaissance tools to scan thousands of networks for vulnerabilities in minutes, while ransomware-as-a-service (RaaS) platforms allow even low-skilled criminals to launch devastating attacks.

Generative AI is fuelling hyper-personalised phishing campaigns, making fraudulent emails indistinguishable from legitimate ones. These gangs also exploit MFA fatigue attacks, credential stuffing and adversary-in-the-middle phishing to bypass security controls. Their strategy is simple: target the weakest link, often small and midsized businesses, because they lack layered defences and incident response plans.

That’s why it’s more important than ever to review your current IT infrastructure and ensure that it is not exposed to vulnerabilities at any level. By keeping up to date with the latest cyber criminal activity, we can better understand the motivations behind these cyber attacks. In our upcoming webinar we will cover what criminal gangs are focusing on and what they are using to do the most damage.

Top 3 cyber attacks of 2025

What happened and why it matters

1. Marks & Spencer ransomware attack (April 2025)

The Scattered Spider group infiltrated M&S systems using social engineering and MFA fatigue attacks, tricking employees into approving fraudulent login attempts. Once inside, they exfiltrated the NTDS.dit file (Windows Active Directory database), cracked hashed credentials offline and deployed DragonForce ransomware across virtual servers.

This attack crippled online orders, contactless payments and recruitment systems for six weeks, costing an estimated £300M+ in lost revenue and exposing sensitive customer data. The incident highlights how credential theft combined with ransomware can paralyse operations, proving that MFA alone isn’t enough without proactive monitoring and behavioural analytics.
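The monitoring point above can be made concrete. The following is an added example, not part of the original article: a minimal detection rule that flags an approved MFA push when it follows a burst of denied or unanswered prompts for the same user. The log format, field names, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, push result, source IP.
SAMPLE_LOG = """\
2025-04-01T02:10:05Z alice DENIED 203.0.113.7
2025-04-01T02:10:40Z alice TIMEOUT 203.0.113.7
2025-04-01T02:11:15Z alice DENIED 203.0.113.7
2025-04-01T02:12:02Z alice TIMEOUT 203.0.113.7
2025-04-01T02:12:50Z alice APPROVED 203.0.113.7
2025-04-01T09:00:00Z bob DENIED 198.51.100.4
2025-04-01T09:00:30Z bob APPROVED 198.51.100.4
2025-04-01T09:05:00Z carol TIMEOUT 192.0.2.9
2025-04-01T13:30:00Z carol APPROVED 192.0.2.9
"""

def parse(line):
    """Split one event line of the assumed format into typed fields."""
    ts, user, result, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result, ip

def detect_mfa_fatigue(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return alerts for approvals preceded by at least `threshold` denied or
    unanswered prompts for the same user inside `window`."""
    recent = defaultdict(deque)  # user -> timestamps of failed prompts
    alerts = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, user, result, ip in events:
        failed = recent[user]
        # Expire failed prompts that fall outside the sliding window.
        while failed and ts - failed[0] > window:
            failed.popleft()
        if result in ("DENIED", "TIMEOUT"):
            failed.append(ts)
        elif result == "APPROVED":
            if len(failed) >= threshold:
                alerts.append({"user": user, "approved_at": ts,
                               "failed_prompts": len(failed), "source_ip": ip})
            failed.clear()  # a completed login resets the counter
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert)
```

A single mistyped or missed prompt followed by an approval (bob) and a stale timeout hours before a login (carol) do not trigger the rule; only the rapid burst ending in an approval does.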

2. Legal Aid Agency data breach (April 2025)

Attackers exploited outdated software and weak web application firewalls, gaining unauthorised access to sensitive data of millions of applicants dating back to 2010. This breach exposed personal and legal information, creating a massive compliance and reputational crisis.

The root cause was poor patch management and lack of encryption, which allowed attackers to move laterally and extract data undetected. This case underscores the importance of continuous vulnerability scanning, timely patching and encryption of sensitive records, especially for organisations handling regulated data.

3. United Natural Foods Inc. (UNFI) supply chain attack (June 2025)

Hackers targeted UNFI’s electronic ordering systems, crippling grocery supply chains across North America. By exploiting unauthorised access and weak disaster recovery protocols, attackers disrupted operations for weeks, causing shortages at major retailers like Whole Foods.

This attack demonstrates how supply chain vulnerabilities can cascade into national-scale disruptions, emphasising the need for vendor risk assessments, zero-trust principles and resilient business continuity plans. Cyber criminals increasingly view supply chains as high-value targets because they offer multiple entry points and widespread impact.

Key cyber crime statistics from 2025

  • Microsoft Digital Defence Report: over 100 trillion security signals processed daily, blocking 4.5M malware files every day. Ransomware and extortion accounted for 52% of attacks, with AI accelerating phishing and fake websites.
  • Sophos State of Ransomware: 90% of incidents in midsized businesses were ransomware-related, with exploited vulnerabilities as the root cause in 32% of attacks. Median ransom demand dropped to £994,530 but nearly half of victims still paid.
  • Global outlook: cyber crime damages hit £7.97 trillion in 2025, making it the world’s third-largest economy if ranked as a country.

What’s coming in 2026

  • We can expect weaponised AI to automate entire attack chains, from reconnaissance to exploitation, without human intervention
  • Deepfake and synthetic identity fraud will target executives for financial theft, while quantum computing threats loom over encryption standards
  • Industrialised cyber crime will enable gangs to launch 10 attacks in the time it once took to coordinate one, thanks to automation and AI-driven orchestration
  • Businesses that fail to adopt Zero Trust, AI-based threat detection and the latest incident response plans will be prime targets

Register for our Webinar – CSG & Sophos Discuss: 2026 IT Security Predictions

📅 Date: Tuesday 9th December
🕒 Time: 10:00am – 10:45am
Register your interest today

Don’t wait until you’re the next headline. Learn how to harden your defences, adopt Zero Trust and prepare for AI-driven threats with CSG and Sophos.
